diff --git a/home/features/desktop/default.nix b/home/features/desktop/default.nix index 5b29cd1..8dcdbf4 100644 --- a/home/features/desktop/default.nix +++ b/home/features/desktop/default.nix @@ -17,15 +17,14 @@ xdg.mimeApps.enable = true; home.sessionVariables = { - QT_QPA_PLATFORMTHEME = "qt5ct"; WEBKIT_DISABLE_COMPOSITING_MODE = "1"; EDITOR = "emacs"; VISUAL = "emacs"; XDG_CONFIG_HOME = "\${HOME}/.config"; XDG_BIN_HOME = "\${HOME}/.local/bin"; XDG_DATA_HOME = "\${HOME}/.local/share"; - PATH = [ "\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" ]; }; + home.sessionPath = [ "\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" ]; home.packages = with pkgs; [ alacritty diff --git a/home/features/desktop/office.nix b/home/features/desktop/office.nix index 7d59005..062f44c 100644 --- a/home/features/desktop/office.nix +++ b/home/features/desktop/office.nix @@ -1,6 +1,7 @@ { pkgs, ... }: { home.packages = with pkgs; [ + nextcloud-client libreoffice neomutt tutanota-desktop diff --git a/hosts/lkk-nix-1/default.nix b/hosts/lkk-nix-1/default.nix index e287271..06d26ff 100644 --- a/hosts/lkk-nix-1/default.nix +++ b/hosts/lkk-nix-1/default.nix @@ -60,6 +60,10 @@ file = ../../secrets/littlelink-lanakk-env.age; mode = "770"; }; + littlelink-m3tam3re-env = { + file = ../../secrets/littlelink-m3tam3re-env.age; + mode = "770"; + }; }; identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ]; }; diff --git a/hosts/lkk-nix-1/services/containers/#cal.nix# b/hosts/lkk-nix-1/services/containers/#cal.nix# new file mode 100644 index 0000000..3a2ebbc --- /dev/null +++ b/hosts/lkk-nix-1/services/containers/#cal.nix# @@ -0,0 +1,8 @@ +{ config, outputs, ... }: { + virtualisation.oci-containers.containers."cal" = { + image = "calcom.docker.scarf.sh/calcom/cal.com"; + environmentFiles = [ config.age.secrets.littlelink-lanakk-env.path ]; + ports = [ "3013:3000" ]; + extraOptions = [ "--ip=10.88.0.23" ]; + }; +} \ No newline at end of file 
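Review bot: In hosts/lkk-nix-1/default.nix the new `littlelink-m3tam3re-env` secret is decrypted with `mode = "770"`, which sets the execute bit and gives the group full access to a file that only holds environment variables. Unless a non-root group really has to read it, an owner-only mode such as `mode = "0400";` is the tighter choice. Owner and group are not set in this hunk, so who ends up with access cannot be checked from here. The neighbouring `littlelink-lanakk-env` entry uses the same mode, and the enclosing `age.secrets` block starts outside the hunk.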
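Review bot: `hosts/lkk-nix-1/services/containers/#cal.nix#` looks like an editor auto-save file rather than an intended module: nothing in this commit imports it, and it ends without a trailing newline. It should be dropped from the commit and the `#*#` pattern added to the ignore file, so half-edited drafts do not land in the repository. If a cal.com container is intended, note that the draft sets `environmentFiles = [ config.age.secrets.littlelink-lanakk-env.path ];`, which would hand the littlelink credentials to an unrelated container. Its image reference also carries no tag or digest.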
diff --git a/hosts/lkk-nix-1/services/containers/default.nix b/hosts/lkk-nix-1/services/containers/default.nix index 632465c..d62709e 100644 --- a/hosts/lkk-nix-1/services/containers/default.nix +++ b/hosts/lkk-nix-1/services/containers/default.nix @@ -5,6 +5,7 @@ ./little-link.nix ./matomo.nix ./nextcloud.nix + ./nginx.nix ./wordpress.nix ./wireguard.nix ]; diff --git a/hosts/lkk-nix-1/services/containers/little-link.nix b/hosts/lkk-nix-1/services/containers/little-link.nix index 3214669..db7e12f 100644 --- a/hosts/lkk-nix-1/services/containers/little-link.nix +++ b/hosts/lkk-nix-1/services/containers/little-link.nix @@ -7,7 +7,7 @@ }; virtualisation.oci-containers.containers."littlelink_m3tam3re" = { image = "ghcr.io/techno-tim/littlelink-server"; - environmentFiles = [ config.age.secrets.littlelink-lanakk-env.path ]; + environmentFiles = [ config.age.secrets.littlelink-m3tam3re-env.path ]; ports = [ "3011:3000" ]; extraOptions = [ "--ip=10.88.0.21" ]; }; diff --git a/hosts/lkk-nix-1/services/containers/nginx.nix b/hosts/lkk-nix-1/services/containers/nginx.nix new file mode 100644 index 0000000..daa7f26 --- /dev/null +++ b/hosts/lkk-nix-1/services/containers/nginx.nix @@ -0,0 +1,8 @@ +{ config, outputs, ... }: { + virtualisation.oci-containers.containers."http-images" = { + image = "docker.io/nginx:alpine"; + ports = [ "3012:80" ]; + volumes = [ "/opt/service-data/http-images:/usr/share/nginx/html"]; + extraOptions = [ "--ip=10.88.0.22" ]; + }; +} diff --git a/hosts/lkk-nix-1/services/default.nix b/hosts/lkk-nix-1/services/default.nix index a075c1a..4621e0b 100644 --- a/hosts/lkk-nix-1/services/default.nix +++ b/hosts/lkk-nix-1/services/default.nix @@ -8,6 +8,7 @@ ./n8n.nix ./postgres.nix ./searx.nix + ./syncthing.nix ./traefik.nix ]; } diff --git a/hosts/lkk-nix-1/services/syncthing.nix b/hosts/lkk-nix-1/services/syncthing.nix new file mode 100644 index 0000000..566dddf --- /dev/null +++ b/hosts/lkk-nix-1/services/syncthing.nix 
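Review bot: In the new containers/nginx.nix, `ports = [ "3012:80" ];` publishes the container on every host interface, although the only consumer visible in this commit is Traefik at `http://localhost:3012/`. Binding it as `ports = [ "127.0.0.1:3012:80" ];` keeps the plain-HTTP port off the network regardless of firewall state. The web root is mounted writable even though nginx only serves it, so `"/opt/service-data/http-images:/usr/share/nginx/html:ro"` is the safer mount. `docker.io/nginx:alpine` is a floating tag; pinning a version or digest would make the deployed image reviewable.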
@@ -0,0 +1,20 @@ +{ config, pkgs, ... }: { + services.syncthing = { + enable = true; + openDefaultPorts = true; + guiAddress = "0.0.0.0:8384"; + overrideDevices = true; + overrideFolders = true; + devices = { + "LK-DATA" = { + id = "BI7CMZF-2SGQMXW-RG47HRG-FEH454J-ZTCE544-BXNSCSJ-PXCE7A7-R4CX2Q3"; + }; + }; + folders = { + "Bildvorschauen" = { + path = "/opt/service-data/http-images"; + devices = [ "LK-DATA" ]; + }; + }; + }; +} diff --git a/hosts/lkk-nix-1/services/traefik.nix b/hosts/lkk-nix-1/services/traefik.nix index 06edfa1..1aa3d89 100644 --- a/hosts/lkk-nix-1/services/traefik.nix +++ b/hosts/lkk-nix-1/services/traefik.nix @@ -11,6 +11,13 @@ dnsChallenge = { provider = "godaddy"; }; }; }; + lets-encrypt = { + acme = { + email = "dev@lanakk.com"; + storage = "/var/lib/traefik/acme.json"; + tlsChallenge = {}; + }; + }; }; api = { }; entryPoints = { @@ -39,6 +46,15 @@ replacement = "https://\${1}/remote.php/dav"; }; }; + nextcloud_headers = { + headers = { + referrerPolicy = "no-referrer"; + stsSeconds = "31536000"; + forceSTSHeader = true; + stsPreload = true; + stsIncludeSubdomains = true; + }; + }; }; services = { baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }]; @@ -61,6 +77,10 @@ [{ url = "http://localhost:3010/"; }]; littlelink-m3tam3re.loadBalancer.servers = [{ url = "http://localhost:3011/"; }]; + http-images.loadBalancer.servers = + [{ url = "http://localhost:3012/"; }]; + syncthing.loadBalancer.servers = + [{ url = "http://localhost:8384/"; }]; }; routers = { api = { @@ -112,6 +132,15 @@ service = "matomo"; entrypoints = "websecure"; }; + matomo-weltkarte-pinnwand = { + rule = "Host(`stats.weltkarte-pinnwand.com`)"; + tls = { + certResolver = "godaddy"; + domains = "stats.weltkarte-pinnwand.com"; + }; + service = "matomo"; + entrypoints = "websecure"; + }; searx = { rule = "Host(`search.lanakk.com`)"; tls = { 
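Review bot: `guiAddress = "0.0.0.0:8384";` in the new services/syncthing.nix binds the Syncthing GUI and REST API to all interfaces, and the module declares no GUI user or password. Traefik reaches the GUI through `http://localhost:8384/`, so `guiAddress = "127.0.0.1:8384";` should be sufficient. Syncthing applies a Host-header check on loopback binds, so the proxied route needs a test after that change. The synced folder `/opt/service-data/http-images` is also the web root of the `http-images` container, so whatever the `LK-DATA` device sends is published unchanged; a comment in the `folders` entry saying so would help the next reader.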
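Review bot: The `nextcloud_headers` middleware added in the second traefik.nix hunk combines `stsPreload = true` with `stsIncludeSubdomains = true`, a long-lived commitment that deserves a comment: browsers cache the policy for the full `stsSeconds` year. The router that attaches this middleware is outside this hunk, so the host that will send the header is not visible here. If it is a subdomain rather than the registrable domain, the preload directive has no practical effect and can be left out. `stsSeconds = "31536000"` is written as a string although the option is numeric; `stsSeconds = 31536000;` is the cleaner form.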
@@ -138,7 +167,7 @@ }; service = "nextcloud"; entrypoints = "websecure"; - middlewares = "nextcloud_redirectregex"; + middlewares = "nextcloud_redirectregex,nextcloud_headers"; }; wireguard = { rule = "Host(`wg.lanakk.com`)"; @@ -178,9 +207,30 @@ service = "littlelink-lanakk"; entrypoints = "websecure"; }; + http-images = { + rule = "Host(`media.lanakk.com`)"; + tls = { + certResolver = "godaddy"; + domains = "media.lanakk.com"; + }; + service = "http-images"; + entrypoints = "websecure"; + }; + syncthing = { + rule = "Host(`sync.lanakk.com`)"; + tls = { + certResolver = "godaddy"; + domains = "sync.lanakk.com"; + }; + service = "syncthing"; + entrypoints = "websecure"; + }; littlelink-m3tm3re = { rule = "Host(`links.m3tam3re.com`)"; - tls = { domains = "links.m3tam3re.com"; }; + tls = { + certResolver = "lets-encrypt"; + domains = "links.m3tam3re.com"; + }; service = "littlelink-m3tam3re"; entrypoints = "websecure"; }; diff --git a/secrets.nix b/secrets.nix index bd8aae3..7cb6af3 100644 --- a/secrets.nix +++ b/secrets.nix @@ -16,6 +16,7 @@ in { "briefkasten-env.age".publicKeys = [ root ]; "littlelink-lanakk-env.age".publicKeys = [ root ]; + "littlelink-m3tam3re-env.age".publicKeys = [ root ]; "traefik-env.age".publicKeys = [ root ]; } diff --git a/secrets/littlelink-lanakk-env.age b/secrets/littlelink-lanakk-env.age index 399d902..b9176d3 100644 Binary files a/secrets/littlelink-lanakk-env.age and b/secrets/littlelink-lanakk-env.age differ diff --git a/secrets/littlelink-m3tam3re-env.age b/secrets/littlelink-m3tam3re-env.age new file mode 100644 index 0000000..bb0c4e2 Binary files /dev/null and b/secrets/littlelink-m3tam3re-env.age differ
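Review bot: In the Nextcloud router, `middlewares = "nextcloud_redirectregex,nextcloud_headers";` packs two middleware names into one string, while the router option is a list of names. Whether the rendered configuration splits that string is not visible from this hunk. Writing it as `middlewares = [ "nextcloud_redirectregex" "nextcloud_headers" ];` states the intent unambiguously. After deploying, it is worth confirming that the response actually carries the `Strict-Transport-Security` header. The router's opening lines are outside the hunk.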
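Review bot: The new `syncthing` router publishes the Syncthing GUI at `sync.lanakk.com` with no `middlewares` entry, and services/syncthing.nix in this commit sets no GUI credentials. Unless a password was set by hand in Syncthing's own configuration, the admin interface appears reachable by anyone who can reach the host. Attach an authentication or IP allow-list middleware to this router, for example `middlewares = "<auth-middleware-name>";` with the middleware defined next to `nextcloud_headers`. Alternatively, drop the public route and reach the GUI over the WireGuard service this host already routes. The `routers` block starts and ends outside the hunk.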